The 12 days of GCHQ quizmas: test your brain power with these daily puzzles

Hackers fail at hacking into Chrome OS, leave £2.1m prize unclaimed

Google's Pwnium hack event went off well this year, as none of the attendees managed to find a security flaw in Chrome OS that would win them part of the offered prize of $3,141,590 (£2.1m). However, hackers did manage to find holes in the Chrome browser at the parallel Pwn2Own event, winning hundreds of thousands of dollars in the process.

Both Pwnium 3 and Pwn2Own were part of this year's CanSecWest security conference in Vancouver, where hackers gather to win prizes put up by large tech companies for finding vulnerabilities in software. Pwn2Own set a challenge of finding zero-day exploits in popular browsers, which this year meant the latest versions of Firefox, Internet Explorer, Safari and Chrome, running on either Windows 7 or OS X Lion.

ADVERTISEMENT

Pwniums 1 and 2 were set up by Google in previous years to focus on the Chrome browser, but its inclusion in Pwn2Own meant they shifted focus to Chrome OS for Pwnium 3 -- and even with an extended deadline, it came away without suffering a serious breach.

Entrants to Pwnium 3 were given a Samsung Series 5 550 Chromebook and 28 january through to 2pm on 7 March to look for holes, a deadline that was extended until 5pm at the request of frustrated hackers. They had good incentive to find holes, too, as Google was offering $110,000 (£74,000) for every "browser or system level compromise in guest mode or as a logged-in user" and $150,000 (£100,000) for every "compromise with device persistence, guest to guest with interim reboot", up to a total of $π million.

However, as Google closed the competition, it said: "We did not receive any winning entries but we are evaluating some work that may qualify as partial exploits." It's still good news for Google, which markets Chrome OS at consumers with emphasis on its robust security and "virus-free" ecosystem. However, there have still been concerns raised by some analysts like Roel Schouwenberg, a researcher at Kaspersky Labs, that Chrome OS users are as vulnerable to malicious apps from the Chrome marketplace as much as Android users are at risk from malicious apps in the Android marketplace.

ADVERTISEMENT

The browsers being looked at by the entrants of Pwn2Own fared nowhere near as well, though -- Firefox, Chrome and IE10 were each thoroughly beaten within hours, while Safari escaped only because nobody appears to have registered to focus on it. MWR Labs won Pwn2Own's first prize and $60,000 (£40,000) for finding zero day vulnerabilities in Internet Explorer and Chrome, while Vincenzo Iozzo and Willem Pinckaers came second for finding one zero day vulnerability in Firefox, netting them $30,000 (£20,000).